To resolve the remaining open issues as outlined in the proposed "Plan to Get to Last Call", using calls for objections as necessary. That is, implement the plan that we jointly finalise to bring both Compliance and TPE to Last Call and beyond.

Go with the proposed plan, and also queue concerns and open challenges for a DNT 2.0 release in order to allow us to focus on the essentials and to postpone features that are, e.g., not ready for immediate implementation.

Details

Responder

Comments

Haakon Bratsberg

Matthias Schunter

Alan Chapell

After careful consideration, I think its time to focus limited resources in other places. As has been communicated to me by many other TPWG members both publicly and privately, this group is unlikely to reach consensus - and there is significant risk that the W3C will attempt to force a consensus upon this group.

Its unclear how many TPWG members will be in position to publicly support option 5 - and also unclear how many votes for Option 5 it would take for the W3C to cease moving forward.

Working under the assumption that the W3C may chose to move forward regardless of how many WG members vote for #5, I (like many others) will be compelled to continue to the extent this WG continues to operate.

But if you're asking for my public indication of support, then I support option 5.

David Singer

We already have issues that are indicated as "beyond 1.0", and trying to cram everything into V1 is a recipe for endless tension, as people fear "If I don't solve this now, I won't get a second chance". De-coupling the two means it's impossible to explain to users what the "base" they get is, as we have agreed that browsers ought to do; publishing compliance later or not at all makes this impossible.

Walter van Holst

The missing and, under the circumstances, best option is to end this working group or at least suspend it.

Erik Neuenschwander

Bryan Sullivan

Vinay Goel

Adobe believes that the purpose of DNT:1 is to allow a user to indicate his/her explicit privacy preference. The signal should not represent another company’s suggested privacy preference for the user. The Working Group was created to define the protocol for DNT:1 – both how it is represented within HTTP and how a server responds to a DNT:1 signal. The protocol needs to be defined so a company can implement it, and the Internet community needs to be able to determine where there are failures in implementation.

The TPWG was created over two years ago, yet there is still no consensus on the definition of track, the actual harms this privacy preference is trying to address, and how to ensure the DNT:1 privacy preference is set only by the user. The TPWG has seen numerous changes of the chairs and the chairs’ attempts to reach consensus; and with the turnover and perceived lack of interest in addressing these fundamental issues, there is a significant amount of frustration and lack-of-trust that has been exacerbated by confusion over process.

The TPWG has thus far avoided addressing some of the most fundamental issues necessary to define the protocol. The TPWG has already agreed that DNT is intended to express an individual user’s preference regarding tracking, but we haven’t agreed to a single definition of what tracking means. The TPWG must agree on what the preference means before we can adequately judge which solutions or constraints are sufficient to meet that preference.

To move forward, Adobe strongly suggests the TPWG re-focus on the TPE instead of the Compliance specification. The TPE is mostly drafted by consensus; whereas the Compliance specification has very little consensus. Without this change of direction, the TPWG will never reach consensus on the fundamental issues identified above. Instead, Adobe predicts the chairs’ plan to address these issues via the objection process (according to its proposed plan) will only frustrate participants further. Adobe also predicts that following the proposed plan will lead to a mishmash protocol that will see little-to-no servers that implement the protocol.

Ted Leung

Brooks Dobbs

My preference at this point would be for the group to stop. I will continue to participate (hopefully along the paths outlined by options 3 or 4 - if we must continue). This continued effort however makes sense only to avoid the potential for a solution by attrition, whereby we have a specification which is not consensus but instead reflects only the opinion of the last man standing. This outcome looks increasingly possible and would, in my opinion, lastingly tarnish the reputation of the W3C.

I share in what appears to be the only consensus this group has recently achieved, that the parties have positions which are not able to be reconciled within a organization established to draft technical standards. Sadly, I think that we have also found agreement across the membership that there have been substantial procedural lapses, lapses, which diminish everyone's confidence in a fair and procedurally correct outcome.

We are now moving down a path where, well intentioned and committed participants (on both sides), struggle to keep track of the procedural nuances which now dominate discussions. The majority of working group time is spent dealing with procedural issues rather than substantive ones, likely because substantive agreement is not to be found.

We are now two years into this process and haven't defined tracking! Countless hours have been spent, and we can't even agree on the thing we've set out to do?! I find that shameful. When you don't have a problem statement, you aren't going to get a solution. I am not sure how that concept was lost, but it appears it has. I hope it serves as a learning tool for future efforts.

Nick Doty

Jeffrey Chester

This proceeding is so flawed--it's a farce. Global online users deserve better--from industry, WC3, and also regulators. Users require tools and policies that can help them control the growing collection and tracking apparatus that threatens their privacy across the digital landscape.

David Wainberg

While I fully support the goal of providing users meaningful privacy protection and meaningful choice with respect to data collected about them, I have chosen option 5 as my preferred option to re-emphasize concerns I have previously raised about the process under which we are developing the TCS document. The process has been a poor fit for the task at hand. We embarked on 2 years worth of work without clearly defining a problem, or set of problems, to be solved; without defining goals and criteria; and without a process for ensuring adequate input from the parties likely to be most affected by the specification.

As I said prior to the August break, without bringing sufficient clarity to the aims of the group, and the process by which we will achieve those aims, there will not be a viable path forward for the compliance document, and since then, we have not achieved such clarity. Instead, we have substituted substantive process with the appearance of process -- polls, strict deadlines, chairs' decisions -- that may achieve an end for ending's sake, but without regard for the end result.

Therefore, it is not that "continuing to work in the group is not in [my] interests." I have no choice if the work continues, given the potential negative impact on the Internet from a flawed specification. If the work does continue, I will participate, but my recommendation and preference would be to focus our efforts on the technical specification, which is nearly complete.

Sid Stamm

If we focus on getting DNT 1.0 out the door but don't lose sight of how we want it to grow, it not only moves us forward and also gives everyone view of how we're going to make it better. We've spent a lot of time on it, but it's time to carve out a first version. This is why I prefer option 2.

Lee Tien

We appreciate the efforts of the W3C and all of the chairs to date, but EFF has lost confidence that the process will produce a standard that we would support. We therefore prefer that the group simply end. If the group continues, we would seriously consider dropping out.

Berin Szoka

I object to the form of option 5. I have voted yes and prefer this option not because I feel that "continuing to work in the group is not in [my] interests" but because I feel it is not in the interests of Internet users in general. I believe that the Internet ecosystem would be better served by continuing work on Do Not Track in a forum other than the W3C.

Chris Mejia

My vote expresses our disappointment with the past and current W3C process (lack of consistent and fair process that we have documented time and again) and our skepticism that the group will ever reach genuine consensus through this convoluted process. This is a viewpoint that was recently expressed by Peter Swire when he stated that he did not see a path to consensus. In addition, several privacy advocates have either quit the working group or already voted No Confidence in the poll.

While our strong preference is for Option 5, IF the W3C staff determine that the TPWG should continue despite our concerns and the well founded concerns of others, we will remain engaged to the extent that our members remain engaged and/or may be affected by the outcome. In this case, we would urge the W3C to delink the technical specification (TPE) from the Compliance Specification (options #3 and #4) as we believe this is would be the best path forward.

Rob van Eijk

Daniel Jaffe

Richard Weaver

Rachel Thomas

Unfortunately, the W3C TPWG process now seems unlikely to result in anything more than an academic, intellectual exercise. However, DMA will continue to participate in that process in good faith for the foreseeable future in order to ensure that the interests of DMA members are represented should the TPWG continue its work.

Ninja Marnau

Luigi Mastria

Today, parties on all sides agree that the TPWG is not a sensible use of W3C resources and that the process will not lead to a workable result.

Rather than continue to work in a forum that has failed, we intend to commit our resources and time in participating in efforts that can achieve results while enhancing the consumer digital experience. The DAA will immediately convene a process to evaluate how browser-based signals can be used to meaningfully address consumer privacy. The DAA looks forward to working with browsers, consumer groups, advertisers, marketers, agencies, and technologists. This DAA-led process will be a more practical use of our resources than to continue to participate at the W3C.

As we've noted in the past, the W3C “has been designed to build consensus around complex technology issues, not complex public policy matters.” The lack of progress of the TPWG to date is a testament to this fact.

During more than two years since the W3C began its attempt at a dnt standard, the DAA has delivered real tools to millions of consumers. It has grown participation; enhanced transparency with more than a trillion ad impressions per month delivered with the DAA’s Icon making notice and choice information available within one-click of the ad; educated millions of consumers and provided browser-based persistent plug ins. The DAA has also succeeded in applying its principles to all of the participants in the digital ecosystem. Furthermore, we have expanded these consumer safeguards into 30 countries and clarified how the DAA’s Principles apply in the mobile Web and app environments.

Going forward, the DAA intends to focus its time and efforts on growing this already-successful consumer choice program in “desktop,” mobile and in-app environments. The DAA is confident that such efforts will yield greater advances in consumer privacy and industry self-regulation than would its continued participation at the W3C.

The DAA will continue to move forward in its own area of expertise, advancing consumer control, transparency, and other critical practices through its own program.

Jeff Jaffe

I believe that the broad stakeholders of the web community require a DNT standard. I know of no other venue where that might take place.

Theresa O'Connor

Kathy Joe

Ionel Naftanaila

Adam Phillips

Mike O'Neill

We need an implementable standard as soon as possible, but compliance must be clear & meaningful. If a consensus on the compliance standard cannot be reached we should at least make sure the signal and API is fit for purpose and let legislators or the market decide on what compliance should mean.

Thomas Schauf

From a European perspective W3C TPWG process unfortunately is very US-centric, esp. discussion on compliance specs is not reflecting global needs/considerations and also not several legal needs. Further it seems now unlikely to result in intellectual exercise, far away from a pragmatic approach.

However, should the W3C TPWG continue its work, BVDW will continue to participate in good faith in in order to ensure that the needs and interests of our members based and/or acting in Germany and Europe are represented.

John Simpson

After a good faith effort from participants, it is crystal clear that this working group cannot reach a meaningful consensus on a Do Not Track Compliance Standard. The working group should be disbanded.

Implementing Do Not Track will require legislation or some other form of formal rule making. Attempting to continue with this effort will undermine W3C's credibility and squander multiple resources on a project destined to fail.

There is nothing dishonorable in admitting our differences are too great to overcome.

Amy Colando

The Microsoft participants in the TPWG believe that Options 1 and 2 provide the best path forward for the TPWG, while being open to Option 3 as a practical measure given the current status of TPE and Compliance specifications.

Microsoft’s customers expect strong privacy protections to be built into our technologies, and we believe that DNT holds potential to help them better manage their online privacy. However, until stakeholders collectively agree on what DNT means and how it should be implemented, its promise will not be fully realized.

From the beginning of this TPWG process, and now with all major browsers offering users the ability to send DNT signals, there has been broad consensus that it is important to be able to explain the meaning of DNT to users in a consistent manner. In order to accomplish this the interdependencies between TPE and Compliance documents must be aligned. In practice this means that they should progress to CR and the corresponding call for implementations simultaneously. This rules out option 4. Since the TPE document appears to be further along, Microsoft can live with an earlier Last Call for TPE (option 3) to give more time for comments. This will be more successful if the dependencies between the documents are more clearly articulated in the TPE spec first.

At Microsoft, our preference is to work through the issues following the (long established but rarely practiced) working group decision policy [1]. Members have already devoted substantial resources to identifying specific Change Proposals during the summer, and members have continued to submit specific text proposals more recently in alignment with the call to raise and document issues by mid-October. We should work through these Change Proposals via the decision policy. We felt that this process worked well in settling highly contentious issues in the HTML Working Group from which some of the principles were drawn. Further, we believe that it is important to adopt a predictable work schedule that also echoes the HTML WG style: once an issue enters the process for consideration and filing of counter proposals there are clear predictable deadlines that avoid surprising members of the group. As part of that process, we acknowledge that members may identify issues that should be deferred to DNT 2.0, but we are concerned that attempting to identify topics for DNT 2.0 planning in advance will slow down substantive discussions.
Following the decision policy will be key to implementing the proposed plan (option 1) and it is important that everybody understands this process. In the HTML WG there was the opportunity for people to raise issues and seek clarifications against the decision policy and this helped to refine both the description of the process and its implementation. One recommendation we have is to invite the HTML WG chairs to a TPWG telcon to discuss their experience with the HTML WG process and to answer any questions members have.

A final, meaningful DNT standard will help build greater trust across the Internet ecosystem and we look forward to continue working together to achieve this goal.

[1] http://www.w3.org/2011/tracking-protection/decision-policy.html

JC Cannon

Brad Kulick

We have been working on this for 2+ years without consensus or resolution -- this alone should eliminate option one. It is painfully clear that coming to consensus on the compliance spec is non-trivial. However, the TPE does not appear to have the same challenges. Therefore, I suggest we finalize the TPE first. Then return to the compliance spec. While we have yet to reach consensus on many of the issues within the compliance spec, the lack of process integrity is as much or more to blame for this as anything else. Despite the ongoing contention, the group has made progress in some areas. However, these have been undone by haste and process shift. If we can ensure the process is clear and will remain intact, this group can make progress to provide a meaningful enhancement to the Internet ecosystem.

Jeff Wilson

Chris Pedigo

OPA believes DNT could be a useful tool to give consumers additional choices and control over 3rd party data collection. While consumers enjoy choices over which websites they can visit and which 1st parties they share information with, they are often unaware of which 3rd parties are tracking them. We are pleased that the working group recognizes the different relationships that consumers have with 1st and 3rd parties, and we will continue to work constructively to build a viable DNT standard.

Adrian Bateman

Shane Wiley

I believe the Working Group and the W3C as an institution would be best served by quickly completing the TPE specification and moving forward to Last Call to begin testing as soon as possible. This will allow us to build the communications infrastructure needed on both sides (Browser / Server) to effectively transmit a tracking preference and response. The TPE is nearly completed, will require little effort to finish, and will provide invaluable feedback to the group on what does and does not work in practice. This is where the W3C excels and we should leverage this opportunity to make meaningful progress forward.

The Compliance and Scope document should continue in parallel but we’ll need to first address the numerous process and subjective decision elements embodied in the plan of record today. The confusion surrounding the process and the unease with how this may be shaped going forward is palatable on both sides – and we should take more time to agree on how best to approach this problem. The W3C process is arguably not the best fit for a Policy discussion but I believe we can collectively design a path forward. Rather than have W3C Staff and Co-Chairs dictate how they want the process to work (often with conflicting messages), I believe it’s time to involve the working group in defining how best to architect a process that will lead to a positive outcome.

Jack Hobaugh

Comments for Option 2: This option presents the most significant challenges and is the least efficient path for moving forward with the TPWG. A major concern expressed by many stakeholders is that this option simply postpones the difficult questions into a version 2 standard rather than resolving the issues as part of a group that has been seeking to address DNT for over two years. While I understand why this approach may be appealing to some because it allows the TPWG to produce a standard more quickly, I am genuinely concerned that this “kick the can” approach is potentially harmful to the Internet eco-system without providing significant user privacy gains. The lack of certainty and intent to go back and refine or address problems would come at a significant cost for participants on the global Internet marketplace.

Comments for Options 3 & 4: If the W3C decides to continue efforts within the TPWG, an option such as option 3 or option 4 presents the best path forward to reach consensus within the TPWG. It is well accepted that the technical specification (TPE) is in a better form to proceed to a Last Call draft through TPWG consensus than the compliance document. Generally, technical issues are easier to reach consensus on than policy/compliance issues and W3C has experience setting technical standards.

Comments for Option 5: After two years, the TPWG was not able to meet the July 2013 deadline to produce a Last Call draft. It was not for lack of good faith efforts on the part of many people. Because the TPWG has not been able to reach consensus on the major issues, such as the definition of “tracking,” many stakeholders have lost confidence that a consensus on these issues can be reached in a productive and efficient manner. It is my understanding that because the TPWG has not been able to reach consensus within the TPWG, the TPWG Tri-Chairs will exercise more control over the process of reaching “consensus” through a least strong objection procedure to close issues one by one. There is concern by many stakeholders that closing issues in this manner would produce a disjointed standard that is potentially harmful to the Internet eco-system, would not be widely adopted, would not reflect a true group consensus, and would not provide significant privacy gains to users. Moreover, I respectfully disagree with the perspective that the TPWG is the only or best venue to reach consensus on a standard for browser-based choice mechanisms and consumer privacy. NAI is deeply committed to consumer privacy, developing and enforcing the highest self-regulatory standards for digital advertising, offering consumers choice and control over data collection, and promoting the health and diversity of the Internet eco-system. My concern is not the laudable objective of providing users with additional choice mechanisms or control, but with the TPWG’s inability to produce a workable and practical standard or even develop a consistent procedure for this group’s work. Should the W3C decide to move forward with the TPWG however, NAI reserves its right to participate. I thank you for the opportunity to share our views and express our perspective. Please let us know if additional information would be helpful.

Tara Whalen

Given that DNT is already being deployed, I support the idea that those contributing to deployment efforts deserve to have a place for working on a specification.

Justin Brookman

CDT believes that continuing the work of the Tracking Protection Working Group represents the most likely path forward to allow companies to deliver for users a voluntary, persistent, universal means to turn off behavioral personalization and limit cross-site tracking. The group has worked diligently for over two years to think through the difficult policy problems associated with Do Not Track; we have made considerable progress, and the remaining unresolved issues are now documented and queued for discussion by the group. The recent Chairs' decision to proceed with the June Draft as the base text for discussion set the group in a clear direction toward finalizing the standard which we believe will give users an important tool to limit online tracking while still allowing for the delivery of online advertising. Importantly, W3C has adopted a new, streamlined process to resolve these outstanding issues and put forward a last call document for testing and implementation. Today, for instance, the group came very close to consensus on two of these remaining issues (the definition of tracking and the permitted use for security and fraud prevention), and we have a clear schedule for making definitive determinations on these and other issues in the coming weeks. The Call for Objections process is admittedly an imperfect mechanism for resolving contentious issues, but it is preferable to repeatedly reliving the same circular discussions without closure, or to walking away from this effort entirely and abandoning the progress we have made.

If the group makes the decision to disband, we are likely to see an escalation in tactics by regulators, browser and OS vendors, consumer groups, and online third parties to either limit or harden online tracking capabilities. Do Not Track seems like a considerably more desirable outcome for all involved than blanket third-party resource blocking, invisible browser fingerprinting techniques that users cannot detect or control, or hastily enacted and possibly contradictory legislation in multiple jurisdictions. While the DAA has recently announced its own intent to work on Do Not Track-like technologies,[1] that effort has not even begun, while the W3C has already invested years of work into generating a transparent and open standard. Moreover, while trade associations such as the DAA has made incremental (and important) improvements to provide consumers some degree of notice, control, and data minimization with regard to behavioral advertising, it must be noted that industry's failure to sufficiently self-regulate to provide a persistent, universal means to limit cross-site data collection was what led to the calls for a Do Not Track mechanism in the first place (by consumer groups in 2007, and ultimately by the Federal Trade Commission in 2010).

Proceeding with the Tracking Preference Expression specification alone, or even exclusively in the short term, would be counterproductive and contrary to the group's charter. Today, users are able to technically signal that they do not wished to be tracked in all browsers. For the most part, those signals are not being honored. The key work that needs to be done is to determine what a DNT signal *means*, who must honor it, how, and how the signal can be set in the first place. Delaying that work indefinitely to solidify the technical standard would simply postpone the critical work, and ultimately set the stage for a fractured standard, or a weak standard, or both. Even disbanding the group entirely and ending work on Do Not Track would be preferable to spending more of the W3C members' resources on the creation of a half standard with no meaning that consumers could not trust.

Thank you very much for the opportunity to participate in the poll and express our viewpoints on the progress of the TPWG. As numerous participants in the TPWG on all sides of the debate (privacy advocates, industry, third parties, first parties, etc.) have stated in comments, after two years of good faith efforts and hundreds of hours of hard work, the TPWG has been unable to reach consensus on even the most fundamental issues around a browser-based choice mechanism. I fully support the goals of this effort -- to provide consumers with additional tools to express choice around data collection and use -- but I am genuinely concerned that this is not the appropriate venue to set policy (as opposed to technical standards) for the Internet. Although I believe that this specific group is no longer an efficient path forward, I am committed to continuing to work with all stakeholders on consumer privacy and improving users' experience online. I would be delighted to provide additional information if it would be helpful and discuss alternative and potentially more productive initiatives to cooperate on privacy, consumer choice, and user control to help ensure that we have a robust, diverse and trusted online ecosystem. Thank you very much.

Roy Fielding

Since this poll is for participants, I am responding on my own behalf as an editor of TPE, a long-time Web standards author, and a former W3C Team member. See Vinay's response for an official Adobe opinion.

The W3C process was designed to facilitate groups that wish to reach consensus decisions based on attaining a common goal; decisions that could be realized in the form of participants' current or planned implementations. Unfortunately, too many of this working group's participants have no planned implementations, are actively working against the definition of a common goal, and don't even understand how common services are implemented today (let alone the impact of some of their own proposals on others). They have no reason to compromise because a successful DNT standard would undermine their own agendas.

The compliance document is supposed to define the terms by which users and implementers can understand and communicate a tracking preference. It has utterly failed to do so. Instead, members have treated it as an open-ended opportunity to legislate against the behavior of others, based on their own agendas and opinions, without any recognition that this is not a representative body of law.

The past chairs have done nothing to dissuade proposals that have no backing from those intended to implement them. Instead, we have spent ridiculous amounts of time discussing opinions on compliance that not a single person has agreed to implement.

I see no end to this debate, short of ending the Compliance spec as a deliverable. It was a bad idea to split the deliverables in the charter. The W3C should recognize and correct that failure. No application-level protocol should ever be separated from its own semantics.

The protocol does not need a compliance specification. What it needs is a definition of tracking that can be communicated to a user and accurately reflects what the user wishes to have turned off. Given such a definition and common implementations by browsers that match the semantics given by the user, a site can directly communicate in the various response mechanisms whether it intends to honor that preference. That is more than sufficient to support regulators of privacy policies, regardless of geographic region.

To be clear, I am completely opposed to the W3C working on a mystery compliance spec after the protocol has been defined. The protocol must define its own semantics.

More details on responses

Haakon Bratsberg: last responded on 20, September 2013 at 13:04 (UTC)

Matthias Schunter: last responded on 24, September 2013 at 12:12 (UTC)